3282. [bug] Restrict the TTL of NS RRset to no more than that

of the old NS RRset when replacing it. [RT #27792]
2012-02-09 20:54:46 +00:00
parent cfe57ec3e6
commit fb604d1cee
10 changed files with 164 additions and 6 deletions
--- a/3
+++ b/3
@@ -1,3 +1,6 @@
+3282.	[bug]		Restrict the TTL of NS RRset to no more than that
+			of the old NS RRset when replacing it. [RT #27792]
+
 3281.	[bug]		SOA refresh queries could be treated as cancelled
 			despite succeeding over the loopback interface.
 			[RT #27782]
--- a/bin/tests/system/resolver/clean.sh
+++ b/bin/tests/system/resolver/clean.sh
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: clean.sh,v 1.8 2011/03/13 23:47:35 tbox Exp $
+# $Id: clean.sh,v 1.9 2012/02/09 20:54:45 marka Exp $

 #
 # Clean up after resolver tests.
@@ -23,8 +23,11 @@ rm -f */named.memstats
 rm -f dig.out dig.*.out.*
 rm -f dig.*.foo.*
 rm -f dig.*.bar.*
+rm -f dig.*.prime.*
+rm -f ns4/tld.db
 rm -f ns6/K*
 rm -f ns6/example.net.db.signed ns6/example.net.db
 rm -f ns6/dsset-example.net. ns6/example.net.db.signed.jnl
+rm -r ns6/to-be-removed.tld.db ns6/to-be-removed.tld.db.jnl
 rm -f ns7/server.db ns7/server.db.jnl
 rm -f random.data
--- a/bin/tests/system/resolver/ns4/named.conf
+++ b/bin/tests/system/resolver/ns4/named.conf
@@ -14,7 +14,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: named.conf,v 1.4 2011/03/13 23:47:36 tbox Exp $ */
+/* $Id: named.conf,v 1.5 2012/02/09 20:54:45 marka Exp $ */

 // NS4

@@ -46,3 +46,17 @@ zone "child.server" {
 	type master;
 	file "child.server.db";
 };
+
+zone "tld" {
+	type master;
+	file "tld.db";
+};
+
+key rndc_key {
+        secret "1234abcd8765";
+        algorithm hmac-md5;
+};
+
+controls {
+        inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; };
+};
--- a/bin/tests/system/resolver/ns4/tld1.db
+++ b/bin/tests/system/resolver/ns4/tld1.db
@@ -0,0 +1,29 @@
+; Copyright (C) 2011  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: tld1.db,v 1.2 2012/02/09 20:54:46 marka Exp $ 
+
+$TTL 300
+@ 			IN SOA	marka.isc.org. ns.server. (
+				2010   	; serial
+				600         	; refresh
+				600         	; retry
+				1200    	; expire
+				600       	; minimum
+				)
+@			NS	ns.tld.
+ns			A	10.53.0.4
+$TTL 5
+to-be-removed 		NS	ns.to-be-removed
+ns.to-be-removed	A	10.53.0.6
--- a/bin/tests/system/resolver/ns4/tld2.db
+++ b/bin/tests/system/resolver/ns4/tld2.db
@@ -0,0 +1,26 @@
+; Copyright (C) 2011  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: tld2.db,v 1.2 2012/02/09 20:54:46 marka Exp $ 
+
+$TTL 300
+@ 			IN SOA	marka.isc.org. ns.server. (
+				2010   	; serial
+				600         	; refresh
+				600         	; retry
+				1200    	; expire
+				600       	; minimum
+				)
+@			NS	ns.tld.
+ns			A	10.53.0.4
--- a/bin/tests/system/resolver/ns6/named.conf
+++ b/bin/tests/system/resolver/ns6/named.conf
@@ -14,7 +14,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: named.conf,v 1.2 2010/11/16 06:46:44 marka Exp $ */
+/* $Id: named.conf,v 1.3 2012/02/09 20:54:46 marka Exp $ */

 // NS4

@@ -42,3 +42,9 @@ zone "example.net" {
 	file "example.net.db.signed";
 	allow-update { any; };
 };
+
+zone "to-be-removed.tld" {
+	type master;
+	file "to-be-removed.tld.db";
+	allow-update { any; };
+};
--- a/bin/tests/system/resolver/ns6/to-be-removed.tld.db.in
+++ b/bin/tests/system/resolver/ns6/to-be-removed.tld.db.in
@@ -0,0 +1,33 @@
+; Copyright (C) 2010  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: to-be-removed.tld.db.in,v 1.2 2012/02/09 20:54:46 marka Exp $
+
+$TTL 600
+@	IN SOA	ns hostmaster 1 1800 900 604800 600
+@	IN NS	ns
+ns	IN A	10.53.0.6
+ns0	IN A	10.53.0.6
+ns1	IN A	10.53.0.6
+ns2	IN A	10.53.0.6
+ns3	IN A	10.53.0.6
+ns4	IN A	10.53.0.6
+ns5	IN A	10.53.0.6
+ns6	IN A	10.53.0.6
+ns7	IN A	10.53.0.6
+ns8	IN A	10.53.0.6
+ns9	IN A	10.53.0.6
+$TTL 1
+@	IN A	10.53.0.6
+www	IN A	10.53.0.6
--- a/bin/tests/system/resolver/setup.sh
+++ b/bin/tests/system/resolver/setup.sh
@@ -14,9 +14,11 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: setup.sh,v 1.5 2011/03/13 23:47:35 tbox Exp $
+# $Id: setup.sh,v 1.6 2012/02/09 20:54:45 marka Exp $

 ../../../tools/genrandom 400 random.data

+cp ns4/tld1.db ns4/tld.db
+cp ns6/to-be-removed.tld.db.in ns6/to-be-removed.tld.db
 cp ns7/server.db.in ns7/server.db
 (cd ns6 && sh keygen.sh)
--- a/bin/tests/system/resolver/tests.sh
+++ b/bin/tests/system/resolver/tests.sh
@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: tests.sh,v 1.20 2011/07/28 03:18:17 each Exp $
+# $Id: tests.sh,v 1.21 2012/02/09 20:54:45 marka Exp $

 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -264,6 +264,35 @@ $DIG @10.53.0.7 -p 5300 -x 172.20.1.1 > dig.ns4.out.19.${n} || ret=1
 grep 'flags: qr rd ra;' dig.ns4.out.19.${n} > /dev/null || ret=1
 if [ $ret != 0 ]; then echo "I:failed"; status=1; fi

+n=`expr $n + 1`
+echo "I:checking that removal of a delegation is honoured ($n)"
+ret=0
+$DIG -p 5300 @10.53.0.5 www.to-be-removed.tld A > dig.ns5.prime.${n}
+grep "status: NOERROR" dig.ns5.prime.${n} > /dev/null || { ret=1; echo "I: priming failed"; }
+cp ns4/tld2.db ns4/tld.db
+($RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reload tld 2>&1 ) | 
+sed -e '/reload queued/d' -e 's/^/I:ns4 /'
+old=
+for i in 0 1 2 3 4 5 6 7 8 9
+do
+	foo=0
+	$DIG -p 5300 @10.53.0.5 ns$i.to-be-removed.tld A > /dev/null
+	$DIG -p 5300 @10.53.0.5 www.to-be-removed.tld A > dig.ns5.out.${n}
+	grep "status: NXDOMAIN" dig.ns5.out.${n} > /dev/null || foo=1
+	[ $foo = 0 ] && break
+	$NSUPDATE << EOF
+server 10.53.0.6 5300
+zone to-be-removed.tld
+update add to-be-removed.tld 100 NS ns${i}.to-be-removed.tld
+update delete to-be-removed.tld NS ns${old}.to-be-removed.tld
+send
+EOF
+	old=$i
+	sleep 1
+done
+[ $ret = 0 ] && ret=$foo; 
+if [ $ret != 0 ]; then echo "I:failed"; status=1; fi
+
 echo "I:exit status: $status"

 exit $status
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: rbtdb.c,v 1.326 2012/01/04 23:46:49 tbox Exp $ */
+/* $Id: rbtdb.c,v 1.327 2012/02/09 20:54:46 marka Exp $ */

 /*! \file */

@@ -6126,6 +6126,19 @@ add(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
 					      addedrdataset);
 			return (ISC_R_SUCCESS);
 		}
+		/*
+		 * If we have will be replacing a NS RRset force its TTL
+		 * to be no more than the current NS RRset's TTL.  This
+		 * ensures the delegations that are withdrawn are honoured.
+		 */ 
+		if (IS_CACHE(rbtdb) && header->rdh_ttl > now &&
+		    header->type == dns_rdatatype_ns &&
+		    !header_nx && !newheader_nx &&
+		    header->trust <= newheader->trust) {
+			if (newheader->rdh_ttl > header->rdh_ttl) {
+				newheader->rdh_ttl = header->rdh_ttl;
+			}
+		}
 		if (IS_CACHE(rbtdb) && header->rdh_ttl > now &&
 		    (header->type == dns_rdatatype_a ||
 		     header->type == dns_rdatatype_aaaa) &&